Re: How to view IPSec Tunnel PSK

srajeswaran · 05-17-2023

Description This article describes how to avoid issues with an IBGP route being preferred over an EBGP route. Scope FortiGate. Solution If the same route is learned through EBGP and IBGP, the EBGP route is generally activated due to its lower adminis...

srajeswaran · 05-09-2023

Description This article describes how to check the routes configured using the HA reserved management interface on the FortiGate HA setup. Scope FortiGate HA. Solution The HA direct management interface and the route can be configured from the GUI a...

srajeswaran · 04-25-2023

Description This article discusses the possible scenarios where the user is able to see specific packets under the 'diagnose sniffer' output, but it is not possible to see the packet leaving the firewall and no outputs in the 'debug flow trace'. Scop...

srajeswaran · 11-14-2022

Description This article describes the case where it is required to block ICMP requests originating from Firewall to specific destinations/geolocations, FortiGate administrator can use interface-policy along with custom-IPS signature. This article de...

srajeswaran · 04-15-2024

Ideally the upgrade happens in below steps. 1. Upgrade of backup unit (The sessions continue to flow through the Primary unit) 2. Once backup is upgraded and rebooted, failover happens (sessions are moved to upgraded node at this time) 3. The old pri...

srajeswaran · 04-15-2024

With "uninterruptible-upgrade enable", there is no traffic drop expected. Are you saying, you are getting 1min downtime even with this setting?https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-HA-upgrade-procedure-and-the-status/ta-...

srajeswaran · 04-02-2024

I think this matches your issue. Please test the solution suggested here.https://community.fortinet.com/t5/Support-Forum/PC-losing-internet-connectivity-while-using-FortiClient/m-p/77508 https://community.fortinet.com/t5/Support-Forum/Connect-to-IPSe...

srajeswaran · 04-01-2024

config webfilter urlfilter, this is the hierarchy. The syntax in the CLI for configuring an entry is: #config webfilter urlfilteredit config entriesedit 1set url set referrer-host set type {simple | regex | wildcard}set action {block | allow | monito...

srajeswaran · 03-28-2024

Can you confirm if you have configured "set net-device enable" under phase1 ? If not, please try the below.configure "set net-device enable" under phase1change route-overlap to allow under phase2 disable net-device again under phase1

User Statistics

User Activity

Troubleshooting Tip: IBGP route is preferred over EBGP route

Technical Tip: Default route via HA reserved management Interface not visible on route table

Technical Tip: Packets seen under 'diagnose sniffer' output but not seen on 'debug flow trace'

Technical Tip: Block ICMP request originated from the firewall

Re: How to keep the connections when perform firmware update? 2 Fortinet 100e firewall with HA

Re: How to keep the connections when perform firmware update? 2 Fortinet 100e firewall with HA

Re: Two Factor Email and IPSec

Re: Enable Toggle url Filter via CLI

Re: Route-overlap allow command fails

Re: How to view IPSec Tunnel PSK

Re: FortiLyzer > Log View > Traffic - Columns Cust...

Re: Why not advertised via BGP?

Re: IPSEC Tunnel Connectivity Issue

Re: Drop down menus in FMG and FAZ no longer work ...

Re: Unable to upgrade Fortigate Firmware to 7.2.4

Re: FortiOS 7.0.13

Re: FortiLyzer > Log View > Traffic - Columns Cust...

Re: Why not advertised via BGP?

Re: Fortinet FCP Core Exam

KCS